National Security Agency Recommends Refraining From Using C/C++

"It takes decades to build a reputation and few minutes of cyber-incident to ruin it."

Introduction

On 10 November 2022, the U.S. National Security Agency (NSA) published a document highlighting how poor memory management can lead to negative impacts such as unauthorized code execution. As a result, the NSA recommends using memory-safe languages when possible.


Executive Summary

According to information provided by Microsoft and Google over the last several years, 70% of their vulnerabilities were due to memory safety issues.

The summary conclusion is that commonly used languages such as C and C++ provide too much freedom and flexibility in memory management. The burden of security therefore rests heavily on the programmer, who must perform all required checks and write code that is safe from a memory-reference perspective.

However, simple mistakes can lead to exploitable memory-based vulnerabilities.
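As an added illustration (not taken from the NSA document or from this post), the C code below parses a length-prefixed name twice: once trusting the length byte, and once with the checks the language leaves to the programmer. The record layout, `NAME_CAP`, the function names and the sample messages are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_CAP 16                      /* constructed capacity for this example */

struct record {
    char    name[NAME_CAP];
    uint8_t is_admin;                    /* adjacent field an overflow would reach */
};

/* Constructed inputs: byte 0 is the claimed name length, the rest is the name. */
const uint8_t MSG_OK[]         = { 5, 'a', 'l', 'i', 'c', 'e' };
const uint8_t MSG_TOO_LONG[21] = { 20, 'A' };          /* 20 > NAME_CAP - 1 */
const uint8_t MSG_LIES[]       = { 9, 'b', 'o', 'b' }; /* claims 9, carries 3 */

/* Unchecked: compiles cleanly and works on well-formed input, but trusts the
 * length byte, so MSG_TOO_LONG would write past name and MSG_LIES would read
 * past the input. Do not call it on untrusted data. */
void parse_unchecked(struct record *r, const uint8_t *msg)
{
    uint8_t len = msg[0];
    memcpy(r->name, msg + 1, len);
    r->name[len] = '\0';
}

/* Checked: the tests the language leaves to the programmer, made explicit.
 * Returns 0 on success, -1 if the message is rejected (r is left untouched). */
int parse_checked(struct record *r, const uint8_t *msg, size_t msg_len)
{
    if (r == NULL || msg == NULL || msg_len < 1)
        return -1;
    size_t len = msg[0];
    if (len > msg_len - 1)               /* claims more bytes than were supplied */
        return -1;
    if (len > NAME_CAP - 1)              /* would not fit with the terminator */
        return -1;
    memcpy(r->name, msg + 1, len);
    r->name[len] = '\0';
    return 0;
}

int main(void)
{
    struct record r = { "", 0 };
    int ok = parse_checked(&r, MSG_OK, sizeof MSG_OK);
    int too_long = parse_checked(&r, MSG_TOO_LONG, sizeof MSG_TOO_LONG);
    int lies = parse_checked(&r, MSG_LIES, sizeof MSG_LIES);
    printf("ok=%d too_long=%d lies=%d name=%s\n", ok, too_long, lies, r.name);
    return 0;
}
```

Both functions are accepted by the compiler without complaint; only the second rejects the two malformed messages, which is the kind of check a memory-safe language performs on the programmer's behalf.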


Recommendations

Given the vulnerability problems in programming languages without safe memory management, such as C/C++, the NSA recommends using memory-safe languages where possible, like C#, Java, Rust, Go, Swift, etc.

Therefore, the broader software community across the private sector, academia, and the U.S. Government has begun initiatives to drive the culture of software development towards using memory-safe languages.


Original Research Document

The document originally published by the NSA provides detailed information:


CSI_SOFTWARE_MEMORY_SAFETY.pdf (PDF, 324KB)
